Bug#765639: affecting more and more people

To: 765639@bugs.debian.org
Subject: Bug#765639: affecting more and more people
From: Christian Beer <christian.beer@aei.mpg.de>
Date: Mon, 15 Feb 2016 19:46:11 +0100
Message-id: <[🔎] 56C21CF3.9080006@aei.mpg.de>
Reply-to: Christian Beer <christian.beer@aei.mpg.de>, 765639@bugs.debian.org

Hi,

there are more people reporting that they are directly affected by a bug
in the Debian Jessie openssl package where it doesn't check an
alternative certificate chain (which is fixed in the latest upstream 1.0.1).

I would urge the Release Team to come to a conclusion regarding the
upgrade of openssl which would fix this issue. It is also possible to
reintroduce the old certificates in a new version of ca-certificates if
the upgrade is denied but this wouldn't fix other issues with openssl.

Right now the combination of openssl and ca-certificates in Debian
Jessie is not working for a lot of websites (that they themselves can't
fix). I understand the hesitation to upgrade openssl but I would like to
return to a working Jessie rather than use an obviously broken one.

Regards
Christian

Reply to:

Follow-Ups:
- Bug#765639: affecting more and more people
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#813128: Fwd: Bug#813128: transition: openmpi
Next by Date: Bug#765639: affecting more and more people
Previous by thread: Processed: Re: Bug#814780: transition: papi
Next by thread: Bug#765639: affecting more and more people
Index(es):
- Date
- Thread